SymbOS/Cabir.K!worm - Released Jun 19, 2006 - Last Updated Dec 12, 2006
|
Alias/esWorm.SymbOS.Cabir.k, SymbOS/Cabir.gen virus, SymbOS/Cabir.K worm |
Detection Availability
|
Visible SymptomsThe mobile phone will become slow.
A message is displayed when the worm is first received. |
Detailed AnalysisIt is a Symbian virus, packed in .sis format.
Displays the following message prompting the user to install:
install caribe?
Extracts the following three files:
- !:\system\apps\caribe\flo.mdl
- !:\system\apps\caribe\caribe.app
- !:\system\apps\caribe\caribe.rsc
Copies these extracted files to the following locations:
- C:\system\recogs\flo.mdl
- C:\system\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\caribe.app
- C:\system\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\caribe.rsc
Rebuilds a .SIS file from the above files into the following location:
C:\system\SYMBIANSECUREDATA\CARIBESECURITYMANAGER\CAMTIMER.sis
Attempts to send a copy of the .sis file to all Bluetooth-enabled devices that it finds. |
Recommended ActionDelete all the virus files using a file manager program or an AV software for mobile.
|
